On April 4, 2024, the House of Peoples’ Representatives of Ethiopia announced via its Facebook page that the Parliament has approved the Personal Data Protection Bill. This legislation outlines data subject rights, principles of personal data processing, and conditions necessary to protect individuals’ rights when their personal data is processed, and establishes an independent supervisory authority.
**Definitions and Scope**
The bill defines key terms, including ‘physical identity data,’ which encompasses facial images, fingerprints, or similar personal data used to uniquely identify or verify an individual’s identity based on physical, physiological, and behavioral traits.
The term ‘data subject’ is defined as an ‘identifiable natural person,’ which includes names, identification numbers, telephone numbers, internet addresses, location data, online identifiers, or any other information that can directly or indirectly identify an individual through physical, genetic, mental, economic, cultural, or social characteristics.
The bill’s scope covers any personal data handled by a data controller or processor if:
– The entity is based in Ethiopia and the data is collected by the organization within the country; or
– Although the entity is not based in Ethiopia, the data is processed using a device located in Ethiopia and is not intended to leave the country, provided there is an agent based in Ethiopia.
Additionally, the bill outlines specific obligations for data controllers regarding the processing of personal data of minors.
The Ministry of Innovation and Technology of Ethiopia confirmed the bill’s approval, now designated as Proclamation No. 1321/2016, via its X (formerly Twitter) account.
